PT-2021-17067 · Directus · Directus

Credit: Arnaud Courty (+1)

Published: 2021-02-23 · Updated: 2024-08-03

CVE: CVE-2021-26594

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Directus versions 8.x through 8.8.1

Description: An issue exists where an attacker can switch to the administrator role using the PATCH method, with no server-side check by the back end on whether the requester is allowed to change the role. This issue only affects product versions that are no longer supported by the maintainer.

Recommendations: For versions 8.x through 8.8.1, as a temporary workaround, consider restricting access to the PATCH method until a solution is available. However, since these versions are no longer supported, the primary recommendation is to upgrade to a supported version if possible. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Improper Privilege Management

Related Identifiers: CVE-2021-26594

Affected Products: Directus